Liongard

Roar Users Guide & Documentation

Welcome! You'll find comprehensive guides and documentation to help MSPs start working with Liongard's Roar as quickly as possible, as well as support if you get stuck. Let's go #MakeITRoar!

Get Started    

Cisco ASA

This document provides the steps required to configure the Cisco ASA Inspector.

👍

Quick Details

Recommended Agent: On-Premise
Supported Agents: On-Premise or Self-Hosted
Is Auto-Discovered By: N/A
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Inspection via: SSH
Data Summary: Here

Overview

See it in Action

Video isn't playing? Click here.

Inspector Setup Preparation

This is the recommended method of inspecting a Cisco ASA firewall appliance with Liongard.

Cisco ASA Configuration for On-Premise Inspection Requirements

🚧

On-Premise Windows Agent

Please follow the instructions to provision an on-premise Windows agent before proceeding.

Install the Windows Agent on a server within the network residing behind the firewall of the Cisco device.

🚧

Configuring Management via SSH

You must allow the agent to communicate with the device via SSH. Follow the steps outlined in the Cisco Configuration Guide for your version to setup SSH access.

Note
There are two methods for SSH authentication. Liongard currently only supports the Enable Password method with Username and Password. SSH Private Key and Passphrase Authentication are currently still being developed.

Liongard Inspector Setup

Individual Inspector Setup

In Liongard, navigate to Admin > Inspectors > Navigate to the Cisco ASA Inspector > Select Add System.

Fill in the following information:

  • Environment: Select the Environment this System Inspector should be associated to
  • Friendly Name: Suggested "Cisco ASA [Environment Name]"
  • Agent: Select the On-premise Agent installed for this Environment
  • Inspector Version: Latest
  • IP/Hostname: Enter the address used to access the device
  • SSH Port: Provide the port that SSH is listening on. Default for SSH is typically 22
  • SSH Username: Input the Username configured to authenticate with SSH

If you chose to create an SSH User Account:

  • Enable Password: Input the password created during the SSH setup
  • SSH Password: Input the password configured in the SSH setup

If you chose to use an SSH Private Key and Passphrase:

  • SSH Private Key: Provide the Private Key

  • SSH Passphrase for Private Key: (IF CONFIGURED) Provide the Passphrase generated

  • Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule

Select Save. The Inspector will now be triggered to run within the minute

Roll out Inspectors at Mass via CSV Import

For more information, please watch our How To video

To import Cisco ASA Inspectors via CSV Import, navigate to Admin > Inspectors > Cisco ASA > Select the down arrow icon in the top right-hand to Download CSV Import Template.

In the CSV Template, each row, starting on row three, will represent an Inspector. Fill in the following information for each Inspector you want to roll out:

  • Agent.Name: This column is case sensitive. Copy and paste the associated Agent name from the Admin > Agents screen
  • Inspector.Name: Enter "cisco-asa-inspector"
  • Environment.Name: This column is case sensitive. Copy and paste the associated Environment name from the Dashboard screen
  • Alias: Enter the Desired Friendly Name
  • Config.SSH_HOST: Enter the IP address or the hostname used to access the device
  • SecureConfig.SSH_PORT: Enter the port that SSH is listening on (default for SSH is typically 22)
  • SecureConfig.SSH_USER: Enter the Username configured to authenticate with SSH
  • FreqType: Enter "days"
  • FreqInterval: Enter "1"

If you chose to create an SSH User Account, leave the SecureConfig.SSH_PRIVATE_KEY and SecureConfig.SSH_PASS_PHRASE columns empty, and fill out the following columns:

  • SecureConfig.ASA_PASSWORD: Enter the password configured on the device
  • SecureConfig.SSH_PASSWORD: Enter the password configured for the user

If you chose to use an SSH Private Key and Passphrase, leave the SecureConfig.ASA_PASSWORD and SecureConfig.SSH_PASSWORD columns empty, and fill out the following columns:

  • SecureConfig.SSH_PRIVATE_KEY: Enter the Private Key
  • SecureConfig.SSH_PASS_PHRASE: Enter the Passphrase generated

When ready to Import the CSV Template of Inspectors, navigate to Admin > Inspectors > Cisco ASA > Select the up arrow icon in the top right-hand to Import CSV > Select your saved template.

After the successful import notification, reload your browser to find your imported Inspectors.

These Inspectors will automatically trigger themselves to run within a minute.

Optional: Turn on Flexible Asset/Configuration Auto-Updating

If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:

  • ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
  • IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled

❗️

Inspector Fails with Security Error

If a security error is generated when the Inspector runs, you may need to accept the RSA key on the server with which you are connecting.

You can use PuTTY, and when you do so, you will have the opportunity to add the Key to the server's cache.

Inspector FAQs

Updated about a month ago


Cisco ASA


This document provides the steps required to configure the Cisco ASA Inspector.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.